Policies and Procedures and Documentation Requirements

Policies and Procedures and Documentation Requirements

Last Modified: April 03, 2017

Reference: 164.316

Policies and Procedures - 164.316(a)

Visible Health has a formalized Policy Management program that ensures that policies are developed, implemented, and updated according to best practice and organization requirements. In the words of our auditors, this is a policy about our policies.

Standard Description
Policies and Procedures (Req) Implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of this subpart, taking into account those factors specified in § 164.306(b)(2)(i), (ii), (iii), and (iv). This standard is not to be construed to permit or excuse an action that violates any other standard, implementation specification, or other requirements of this subpart.

Documentation - 164.316(b)(1)(i)

Visible Health retains the necessary policies and documentation for a minimum of 6 years. All policies and procedures are available and distributed to personnel as a static website. Visible Health has an update and review process for reviewing all policies and procedures and updating them as necessary. Additionally, Visible Health tracks and maintains revision history, approval signature, and timestamps to ensure policies are reviewed and updated according to organization requirements.

Standard Description
Time Limit (Req) Retain the documentation required by paragraph (b)(1) of this section for 6 years from the date of its creation or the date when it last was in effect, whichever is later.
Availability (Req) Make documentation available to those persons responsible for implementing the procedures to which the documentation pertains.
Updates (Req) Review documentation periodically, and update as needed, in response to environmental or operational changes affecting the security of the electronic protected health information.